Simplesysadmin.info. If you are concerned about cyber security, you should know about social engineering. Social engineering is a method that relies on human interaction and psychological manipulation. It has several types of attack, depending on the target's behavior.
Introduction to social engineering
Social engineering is an attack approach that relies on human interaction and often involves tricking people into giving up confidential information. Psychological manipulation is used because it is very effective in gaining access to restricted information. People’s willingness to help each other, or their lack of knowledge, is what social engineering exploits.
What a social engineer does used to be called a “con game”. Techniques often used in social engineering are appealing to arrogance, appealing to authority and appealing to greed.
Social engineering attacks can be non-technical and don’t necessarily involve exploitation of systems or software. That’s why social engineering is one of the greatest security threats so far.
An example of social engineering
An example is an email that tells you to ‘verify’ some information because, it explains, there is a problem. You are asked to click a link that is provided and enter the requested information. The link is accompanied by logos and content that look very real and valid, which gives you the impression that you can trust the source. The criminals may have copied a company email exactly, so there is little difference between a valid Apple email, for example, and a fraudulent one.
With these types of phishing scams, the email usually includes a warning about what will happen if you fail to act soon.
The types of social engineering attack:
- Baiting
In this type of attack, the attacker leaves something in a place where it is intended to be found. Usually the attacker leaves a malware-infected physical device, such as a USB flash drive. The finder then picks up the device and plugs it into their computer. As a result, the finder, now the target, unintentionally installs malware.
- Phishing
Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
- Spear phishing
Spear phishing is like phishing, but tailored for a specific individual or organization.
- Pretexting
Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
- Scareware
Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker’s malware.
- Shoulder surfing
Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices.
How to prevent social engineering attacks
- Slow down.
Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics, be skeptical; never let their urgency influence your careful review.
- Research the facts.
Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
- Delete any request for financial information or passwords.
If you get asked to reply to a message with personal information, it’s a scam.
- Reject requests for help or offers of help.
Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
- Don’t let a link be in control of where you land.
Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.